FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
82752070-0349-11e7-b48d-00e04c1ea73dwordpress -- multiple vulnerabilities

WordPress versions 4.7.2 and earlier are affected by six security issues.

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Discovery 2017-03-07
Entry 2017-03-07
wordpress
< 4.7.3,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.7.3

http://www.openwall.com/lists/oss-security/2017/03/07/3
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/